There is a web server in the virtual machine.

It is necessary to make sure that all traffic on ports 80 and 443 is forwarded to this virtual machine without changing the client's ip-address.

My iptables:

     iptables -F
     iptables -t nat -F
     iptables -t mangle -F
     iptables -X
     iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o vmbr0 -j SNAT --to-source 'xxxx
     iptables -t nat -A POSTROUTING -o vmbr1 -j SNAT --to-source 192.168.0.1
     iptables -t nat -I PREROUTING -p udp -m udp --dport 60000:61000 -j DNAT --to 192.168.0.200:60000-61000
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 18180 -j DNAT --to 192.168.0.200:22
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 17172 -j DNAT --to 192.168.0.102:22
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 17171 -j DNAT --to 192.168.0.101:22
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 3000 -j DNAT --to 192.168.0.101:3000
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 443 -j DNAT --to 192.168.0.200:443
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 80 -j DNAT --to 192.168.0.1:80
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -s yyyy -d 'xxxx --dport 8080 -j DNAT --to 192.168.0.102:80
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -s yyyy -d 'xxxx --dport 8081 -j DNAT --to 192.168.0.102:8081
     iptables -A INPUT -p TCP --dport 80 -j ACCEPT
     iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT
     iptables -A INPUT -p TCP --dport 443 -j ACCEPT
     iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT
     iptables -A INPUT -s yyyy -j ACCEPT
     iptables -A INPUT -i lo -j ACCEPT
     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
     #iptables -I INPUT 1 -p udp --dport 60000:61000 -j ACCEPT
     #iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-prohibited
     iptables -P INPUT DROP
  • 1
    What solution is used for virtualization? There is, you know, more than one. Or should we bring solutions for all of them? - Sergey
  • 2
    In general, I think it is like a normal redirect, using DNAT, i.e. substituting the destination address with the address of the VM - Mike
  • DNAT is configured, but the headers carried the address of vmbr0 - Anton Veselov
  • In which headers, in HTTP? Which ones exactly, and what is written there? (When you answer, address it clearly to @Mike, otherwise the notifications do not arrive and I do not know that someone wrote to me.) - Mike
  • @Mike It is replaced with the address of the vmbr1 gateway, 192.168.0.1 - Anton Veselov

1 answer

As I understand it, this means traffic arriving at the interface vmbr0 at address xxxx.

  1. These rules should be “brought to a common denominator”:

     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 443 -j DNAT --to 192.168.0.200:443
     iptables -A PREROUTING -t nat -i vmbr0 -p tcp -d 'xxxx --dport 80 -j DNAT --to 192.168.0.1:80

     If the target virtual machine has the ip-address 192.168.0.200, then this ip-address should also appear in the second rule.

  2. And this rule should be removed:

     iptables -t nat -A POSTROUTING -o vmbr1 -j SNAT --to-source 192.168.0.1 
  3. On the target virtual machine, the default gateway must be set to the ip-address assigned to the network interface (on the machine whose netfilter rules are given in the question) that “looks” into the local network; as I understand it, 192.168.0.1.
  • Well, yes it works psb - Anton Veselov
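Putting the answer's three points together, as an added example that is not code from the question or the answer: a POSIX shell script for the host that renders the corrected rule set (DNAT 80/443 to the VM, FORWARD rules for those flows, SNAT only on the WAN-facing side) and checks that nothing rewrites the client source on the LAN interface. The interface and address variables, the placeholder public IP, and the function names are assumptions; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Assumed names (not from the question): WAN_IF, LAN_IF, PUBLIC_IP, VM_IP.
WAN_IF=${WAN_IF:-vmbr0}
LAN_IF=${LAN_IF:-vmbr1}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}   # placeholder for the host's public address
VM_IP=${VM_IP:-192.168.0.200}
DRY_RUN=${DRY_RUN:-1}

# Print the iptables command (DRY_RUN=1) or execute it (DRY_RUN=0).
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Minimal rule set: DNAT both ports to the VM, let the forwarded flows through,
# and deliberately no SNAT on the LAN side, so the VM sees the real client address.
render_rules() {
    for port in 80 443; do
        ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUBLIC_IP" --dport "$port" \
            -j DNAT --to-destination "$VM_IP:$port"
        ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$VM_IP" --dport "$port" \
            -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    done
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerading is needed only for traffic that leaves through the WAN link.
    ipt -t nat -A POSTROUTING -s 192.168.0.0/16 -o "$WAN_IF" -j SNAT --to-source "$PUBLIC_IP"
}

# Return 0 when the rule text contains no source rewrite on the LAN interface
# (an SNAT/MASQUERADE there is exactly what hid the client IP in the question).
client_ip_preserved() {
    ! printf '%s\n' "$1" | grep -E -- "-o $LAN_IF .*-j (SNAT|MASQUERADE)" >/dev/null
}

# Count DNAT rules that point at the VM (expected: 2, one per port).
count_vm_dnat() {
    printf '%s\n' "$1" | grep -c -- "-j DNAT --to-destination $VM_IP:"
}

# Run on the VM itself: replies must leave via the host's LAN address, otherwise
# the return path is asymmetric and the connection never completes.
vm_gateway_ok() {
    ip -4 route show default | grep -q "via ${1:-192.168.0.1} "
}

rules=$(render_rules)
printf '%s\n' "$rules"
client_ip_preserved "$rules" && echo "ok: no SNAT on $LAN_IF, the VM sees the client IP"
```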